Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
10-06-2005, 12:30 AM
|
#1
|
Member
Registered: Apr 2005
Location: Sydney
Distribution: FC5
Posts: 174
Rep:
|
Samba on DMZ
Hi,
I have set up samba on one of my machines which is exposed to the internet using the DMZ setting on my router. I can acccess the samba shares from any computer on my internal network but can't access the shares from anywhere external. I have uncommented the line hosts allow = in smb.conf but still no luck. Anyone have any other ideas what could be prevented access?
Paddy
|
|
|
10-06-2005, 08:16 AM
|
#2
|
Member
Registered: Oct 2004
Location: Florida
Distribution: Debian
Posts: 319
Rep:
|
What about FC's firewall settings.
|
|
|
10-06-2005, 06:22 PM
|
#3
|
Senior Member
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291
Rep:
|
For security I would strongly recommend against accessing your samba shares from the internet. Samba is not a designed for the internet and all data you access will be exposed in clear view of others. If you need to access your shares from the internet you should look at setting up some form of encryption like a vpn to make sure your data is secured.
|
|
|
10-06-2005, 06:43 PM
|
#4
|
Member
Registered: Feb 2004
Location: UK
Distribution: RHEL, Ubuntu, Solaris 11, NetBSD, OpenBSD
Posts: 226
Rep:
|
Quote:
For security I would strongly recommend against accessing your samba shares from the internet. Samba is not a designed for the internet and all data you access will be exposed in clear view of others. If you need to access your shares from the internet you should look at setting up some form of encryption like a vpn to make sure your data is secured.
|
Ditto. Even if you configure samba correctly to require authentication etc. it's got a mass of potential security holes, as have the MS protocols it's designed to support. You really don't want to do this.
Cheers,
Steve
|
|
|
10-06-2005, 07:17 PM
|
#5
|
Member
Registered: Apr 2005
Location: Sydney
Distribution: FC5
Posts: 174
Original Poster
Rep:
|
Thanks for the info, due to the security risks I have decided to put the machine behind a firewall and set up a vpn and access my files that way. Sounds liek it's a lot safer than using samba!
Paddy
|
|
|
10-06-2005, 08:17 PM
|
#6
|
Senior Member
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
|
Smart move, now I don't have to post a "double ditto".
And thanks for acknowledging the advice taken.
|
|
|
10-06-2005, 08:27 PM
|
#7
|
Senior Member
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291
Rep:
|
Quote:
Originally posted by paddyjoy
Thanks for the info, due to the security risks I have decided to put the machine behind a firewall and set up a vpn and access my files that way. Sounds liek it's a lot safer than using samba!
Paddy
|
That's a good idea, samba is orginally designed for an internal network, things like http, ftp and mail servers are usually what you put on your dmz since you have to allow certain ports to forward into the network this provides a pinhole for exploitation, and by having a serperate network if some hacker/cracker/scriptkiddy manages to compromise host on that network, it's atleast seperated from you local network.
|
|
|
10-06-2005, 08:36 PM
|
#8
|
Member
Registered: Apr 2005
Location: Sydney
Distribution: FC5
Posts: 174
Original Poster
Rep:
|
Downloaded openvpn and got it up and running in about 15 minutes, too easy! Feel a lot safer now
Thanks,
Paddy
|
|
|
10-06-2005, 10:14 PM
|
#9
|
Senior Member
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291
Rep:
|
Quote:
Originally posted by paddyjoy
Downloaded openvpn and got it up and running in about 15 minutes, too easy! Feel a lot safer now 
Thanks,
Paddy
|
I haven't used openvpn, didn't realise it was that easy to setup, going to look into it myself 
|
|
|
10-06-2005, 10:35 PM
|
#10
|
Member
Registered: Apr 2005
Location: Sydney
Distribution: FC5
Posts: 174
Original Poster
Rep:
|
Yeah you should, they have a good how-to on their site. I'm at work now and have my windows xp machine connected into the openvpn server running on fc4 at home, I'm pretty impressed
Paddy
|
|
|
All times are GMT -5. The time now is 09:09 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|